Criminals increasingly turned to tech during pandemic
The NCA's National Strategic Assessment 2021
28 May 2021
The National Crime Agency (NCA) has published its 2021 National Strategic Assessment on Serious and Organised Crime (NSA), which highlights the technological means used by criminals who pose serious and organised crime threats to the UK.
The foreword to the 2021 NSA by the NCA's Director General, Dame Lynne Owens, notes that the threat of serious and organised crime has proved "resilient" in the face of the Covid-19 pandemic. It is unsurprising that, in times of such disruption and with the accompanying increasing reliance on technology, criminals have adapted and increasingly turn to tech to avoid detection. The NCA considers that its most effective means of disrupting offenders is to target the technologies and capabilities that enable them.
So what are the technologies and capabilities identified in the NSA as having the potential to enable or facilitate serious and organised crime?
Circumstantial cyber-enabled fraud
Cyber crime can be cyber-dependent (committed using computer technology, such as ransomware attacks) but also cyber-enabled (such as cyber-enabled fraud, or the use of crypto or virtual assets for money laundering).
The pandemic has offered the opportunity for offenders to attempt to exploit the uncertainty of the situation. For example, personal data and payment information have been targeted through phishing attempts purporting to relate to the vaccine roll-out. Readers will no doubt have had their own recent experiences of similar attempts at cyber-enabled fraud, such as text messages purporting to be from HMRC seeking personal data.
Concealment of identity and activities
The NCA has found that the pandemic has resulted in an increased take-up of technological enablers to mask users' identities, hide their activities and stay ahead of the authorities.
Crypto or virtual assets
Last year's NSA was stark in the view of crypto presented, seeking to link the increase in its use more generally with an increase in its popularity and use for criminal activities. The NCA builds on this in the 2021 NSA by stating that the increasing difficulties in moving cash during lockdowns have meant that criminals have increasingly turned to crypto assets to facilitate money laundering and to use those assets on dark web online marketplaces for illicit goods.
The dark web and cyber crime marketplaces
The dark web broadly comprises networks which use the internet, but are not visible to search engines and require anonymising software or authorisation to access. It enables users to communicate anonymously without identifying information such as their location being shared. The NCA's assessment is that the dark web has become more accessible to criminals through the availability of online guides, with dark web revenue also increasing - in part linked to the marketing of Covid-19 related items.
There has been an accompanying increase in marketplace trading of leaked credentials, particularly those allowing remote connection with victims' devices which are increasingly vulnerable due to remote working.
Last year's NSA stated that all current NCA investigations encountered some form of encryption, indicating the pervasive nature of the technology. For 2021, encryption continues to be identified as a key enabler to allow hidden communications and identities – including through use of relatively inexpensive and easy-to-use Criminally Dedicated Secure Communication (CDSC) devices, Secure Messaging Applications (SMP) and decentralised messaging applications. WhatsApp and Twitter are both called out by the NCA as having recently implemented automatic disappearing message functionality, allowing increased privacy for users – including criminal ones.
The NSA expects the threat of voice spoofing to continue, with a range of hardware and software enabling users to disguise or alter their voice on calls, allowing voice impersonation or manipulation - which could be used, for example, for extortion or 'vishing' (voice phishing) attacks.
It has certainly been our own experience over the last 18 months that ransomware attacks have become increasingly prevalent, leading to the development of our Ransomware Playbook, aimed at helping organisations understand and address the risk of a ransomware attack. The NSA notes that this year has been notable for the increasing use by ransomware actors of an accompanying threat to publish stolen data – with over half of all ransomware attacks including such an addition. It also points to the increasing availability of tools which mean that criminals can cause significant disruption to businesses with only limited, basic cyber capability.
Most interestingly, it draws attention to supply chain attacks, where access is sought to larger target companies by first attacking a less secure part of their supply chain – emphasising that a key focus of any cyber resilience strategy should be examination of third-party linkages and weak points.
As is to be expected, while organisations will wish to examine in each case the legality and appropriateness of whether to comply with ransomware demands, the NCA's clear view is that law enforcement does not encourage, endorse or condone the payment of ransom demands.
Money launderers have had to adapt as a result of the pandemic, with physical movement restrictions meaning cash has been increasingly difficult to move around. The NSA states that this has accelerated the criminal use of crypto assets and other methods.
In the 2020 NSA, the NCA warned that, by bringing crypto providers within the scope of the UK Money Laundering Regulations through implementation of 5MLD (the EU's Fifth Money Laundering Directive), there may be an increase in the perceived legitimacy and use of virtual assets. However, while the 2021 NSA does warn that broader adoption of crypto technology by mainstream financial services potentially provides a large market for criminal activity, it also states that anti-money laundering measures are "likely" to mitigate this risk "at scale".